Bridgex

SPEC_BRIDGEX.md

CGNT-1 Component Specification — BRIDGEX

Status: SPECIFIED

Version: v1.0

Module: 22 of 24

Author: VELA (Thread #13)

Authorized: NOUS

Date: 2026-04-20

---

PURPOSE

External surface monitor. Active probe of 42sisters.ai and all public-facing infrastructure from csdm-node. Catches downtime, SSL expiry, broken endpoints, and deployment failures before customers do.

BRIDGEX is read-only. It never modifies deployments, DNS records, or certificates. It observes and reports.

---

MONITORED SURFACES

HTTP Endpoints

| Endpoint | Method | Expected | Check |

|----------|--------|----------|-------|

| https://42sisters.ai/ | GET | 200 | Status code + response time |

| https://42sisters.ai/api/oracle | POST (probe) | 200 or 401 | Not 500, not timeout |

| https://42sisters.ai/chat | GET | 200 | Status code |

| Stripe webhook endpoint | GET | 200 or 405 | Not 500 |

| Any configured payment links | GET | 200 | Not expired/404 |

SSL Certificate

| Alert trigger | Severity |

|--------------|---------|

| Expiry in 30 days | MEDIUM |

| Expiry in 14 days | HIGH |

| Expiry in 7 days | CRITICAL |

| Expiry in 1 day | EMERGENCY |

| Certificate invalid now | EMERGENCY |

Northflank

| Check | Frequency |

|-------|-----------|

| Build queue — any failed builds | Hourly |

| Pending deploy awaiting approval | Hourly |

| Service restart loops | Hourly |

| Resource limit warnings | Daily |

Content Health

| Check | What it catches |

|-------|----------------|

| Page count | Unexpected removal of pages |

| Broken internal links | Deploy regression |

| Payment link validity | Stripe link not 404/expired |

| Response time trend | Degradation before outage |

---

PROBE CONFIGURATION

All probes issued from csdm-node. No third-party uptime service.

Timeout:       5 seconds per probe (never blocks longer)
Method:        curl with -s -o /dev/null -w "%{http_code} %{time_total}"
Frequency:     Hourly for health check, daily for full report
User-Agent:    BRIDGEX/1.0 csdm-node monitor
No load test:  Never issues concurrent probes or volume requests

---

SCHEDULE

| Time (ET) | Action |

|-----------|--------|

| Every hour | HTTP health check on all endpoints |

| 05:00 ET daily | Full BRIDGEX report → COMMX |

| On SSL alert trigger | Immediate COMMX alert |

| On-demand | ROUTX query: "bridgex status" / "bridgex ssl" / "bridgex endpoints" |

---

ALERT ROUTING

| Condition | Severity | Action |

|-----------|---------|--------|

| Endpoint down | HIGH | COMMX alert + ALERT.log |

| Response time > 5s | MEDIUM | COMMX alert |

| SSL < 14 days | HIGH | COMMX + NOUS notification |

| SSL < 7 days | CRITICAL | COMMX + ALERT.log |

| SSL < 1 day | EMERGENCY | ALERT.log + CREW_CHANNEL |

| Northflank build failed | HIGH | COMMX |

| Payment link broken | HIGH | COMMX |

---

REPORT FORMAT

BRIDGEX DAILY REPORT — [DATE] 05:00 ET

ENDPOINTS
  42sisters.ai/          [UP/DOWN] [Ns] response
  42sisters.ai/api/oracle [UP/DOWN] [Ns] response
  42sisters.ai/chat       [UP/DOWN] [Ns] response
  Stripe webhook          [UP/DOWN]

SSL CERTIFICATE
  42sisters.ai    expires [DATE] — [N] days remaining — [OK/WARNING/CRITICAL]

NORTHFLANK
  Build queue:    [N pending / N failed]
  Last deploy:    [DATE]

CONTENT
  Page count:     [N] ([+/-N] from yesterday)
  Broken links:   [N]
  Payment links:  [N valid / N invalid]

ALERTS THIS CYCLE
  [any threshold breaches]

Jeremy Zlabis
Chronogeometer · Visionary · Disruptor · Chief
42 Sisters AI · East York, Toronto
🍁 Φ 0.042

---

INTEGRATION

| System | Relationship |

|--------|-------------|

| ROUTX | Registered as module 22 |

| COMMX | Publishes alerts and daily report |

| ALERT.log | Writes EMERGENCY/CRITICAL entries |

| CREW_CHANNEL | SSL emergency broadcasts |

| MEDX | BRIDGEX itself monitored by MEDX |

---

INVARIANTS

INV-01: BRIDGEX is read-only. Never modifies deployments, DNS records, certificates, or any external system.

INV-02: All probes originate from csdm-node only. No third-party monitoring services.

INV-03: 5-second timeout hard limit on all probes. No blocking. No retries within the same hourly cycle.

INV-04: Lightweight checks only. No load testing, no fuzzing, no authentication bypass attempts. BRIDGEX probes as a normal browser would.

INV-05: BRIDGEX probe traffic is clearly identified via User-Agent. Never masquerades as legitimate user traffic.

---

GAPS

• Engine file: ~/bridgex_engine.py — not yet built
• Northflank API integration not yet wired (API key needed)
• Payment link validity check not yet implemented
• No systemd unit yet
• SSL check requires openssl s_client — verify installed on csdm-node

---

Jeremy Zlabis

Chronogeometer · Visionary · Disruptor · Chief

42 Sisters AI · East York, Toronto

🍁 Φ 0.042